What's new

OpenVpn Self hosted in the cloud-Unable to connect-Linux ip addr add failed: external program exited with error status: 2

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

Khadanja

Senior Member
I have set up OpenVpn server in the cloud, can connect using the desktop OpenVpn app and mobile app but unable to set it up in the router, getting this error-
Oct 31 14:17:47 68U ovpn-client5[19880]: TUN/TAP TX queue length set to 1000
Oct 31 14:17:47 68U ovpn-client5[19880]: /usr/sbin/ip link set dev tun15 up mtu 1500
Oct 31 14:17:47 68U ovpn-client5[19880]: /usr/sbin/ip link set dev tun15 up
Oct 31 14:17:47 68U ovpn-client5[19880]: /usr/sbin/ip addr add dev tun15 local 10.8.0.6 peer 10.8.0.5
Oct 31 14:17:47 68U ovpn-client5[19880]: Linux ip addr add failed: external program exited with error status: 2
Oct 31 14:17:47 68U ovpn-client5[19880]: Exiting due to fatal error
 
I have a similar error see below. Have you found the issue?:

Aug 3 19:07:44 ovpn-client2[8622]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Aug 3 19:07:44 ovpn-client2[8622]: OpenVPN 2.6.3 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Aug 3 19:07:44 ovpn-client2[8622]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.10
Aug 3 19:07:44 ovpn-client2[8623]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 3 19:07:44 ovpn-client2[8623]: TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xxx.xxx:50237
Aug 3 19:07:44 ovpn-client2[8623]: Socket Buffers: R=[131072->131072] S=[16384->16384]
Aug 3 19:07:44 ovpn-client2[8623]: Attempting to establish TCP connection with [AF_INET]xx.xx.xxx.xxx:50237
Aug 3 19:07:45 ovpn-client2[8623]: TCP connection established with [AF_INET]xx.xx.xxx.xxx:50237
Aug 3 19:07:45 ovpn-client2[8623]: TCPv4_CLIENT link local: (not bound)
Aug 3 19:07:45 ovpn-client2[8623]: TCPv4_CLIENT link remote: [AF_INET]xx.xx.xxx.xxx:50237
Aug 3 19:07:45 ovpn-client2[8623]: TLS: Initial packet from [AF_INET]xx.xx.xxx.xxx:50237, sid=a2e08b96 f868ac51
Aug 3 19:07:45 ovpn-client2[8623]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Aug 3 19:07:45 ovpn-client2[8623]: VERIFY OK: depth=1, C=FR, O=Freebox SA, CN=Freebox OpenVPN server CA for
Aug 3 19:07:45 ovpn-client2[8623]: VERIFY KU OK
Aug 3 19:07:45 ovpn-client2[8623]: Validating certificate extended key usage
Aug 3 19:07:45 ovpn-client2[8623]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Aug 3 19:07:45 ovpn-client2[8623]: VERIFY EKU OK
Aug 3 19:07:45 ovpn-client2[8623]: VERIFY X509NAME OK: C=FR, O=Freebox SA, CN=Freebox OpenVPN server
Aug 3 19:07:45 ovpn-client2[8623]: VERIFY OK: depth=0, C=FR, O=Freebox SA, CN=Freebox OpenVPN server
Aug 3 19:07:46 ovpn-client2[8623]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Aug 3 19:07:46 ovpn-client2[8623]: [Freebox OpenVPN server] Peer Connection Initiated with [AF_INET]xx.xx.xxx.xxx:50237
Aug 3 19:07:46 ovpn-client2[8623]: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Aug 3 19:07:46 ovpn-client2[8623]: TLS: tls_multi_process: initial untrusted session promoted to trusted
Aug 3 19:07:47 ovpn-client2[8623]: SENT CONTROL [Freebox OpenVPN server]: 'PUSH_REQUEST' (status=1)
Aug 3 19:07:47 ovpn-client2[8623]: PUSH: Received control message: 'PUSH_REPLY,ping 30,ping-restart 120,dhcp-option DNS 212.27.38.253,route 192.168.27.64 255.255.255.224,route 192.168.0.0 255.255.255.0,dhcp-option DNS fd0f:ee:b0::1,ifconfig-ipv6 2a01:e0a:170:3478::10/124 fd0f:ee:b0::1,ifconfig 192.168.27.65 212.27.38.253,peer-id 0,cipher AES-256-GCM'
Aug 3 19:07:47 ovpn-client2[8623]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 3 19:07:47 ovpn-client2[8623]: OPTIONS IMPORT: route options modified
Aug 3 19:07:47 ovpn-client2[8623]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Aug 3 19:07:47 ovpn-client2[8623]: TUN/TAP device tun12 opened
Aug 3 19:07:47 ovpn-client2[8623]: TUN/TAP TX queue length set to 1000
Aug 3 19:07:47 ovpn-client2[8623]: /usr/sbin/ip link set dev tun12 up mtu 1500
Aug 3 19:07:47 ovpn-client2[8623]: /usr/sbin/ip link set dev tun12 up
Aug 3 19:07:47 ovpn-client2[8623]: /usr/sbin/ip addr add dev tun12 local 192.168.27.65 peer 212.27.38.253
Aug 3 19:07:47 ovpn-client2[8623]: Linux ip addr add failed: external program exited with error status: 2
Aug 3 19:07:47 ovpn-client2[8623]: Exiting due to fatal error
 
I have a similar error see below. Have you found the issue?:

Aug 3 19:07:44 ovpn-client2[8622]: Note: option tun-ipv6 is ignored because modern operating systems do not need special IPv6 tun handling anymore.
Aug 3 19:07:44 ovpn-client2[8622]: OpenVPN 2.6.3 arm-buildroot-linux-gnueabi [SSL (OpenSSL)] [LZO] [LZ4] [EPOLL] [MH/PKTINFO] [AEAD]
Aug 3 19:07:44 ovpn-client2[8622]: library versions: OpenSSL 1.1.1t 7 Feb 2023, LZO 2.10
Aug 3 19:07:44 ovpn-client2[8623]: NOTE: the current --script-security setting may allow this configuration to call user-defined scripts
Aug 3 19:07:44 ovpn-client2[8623]: TCP/UDP: Preserving recently used remote address: [AF_INET]xx.xx.xxx.xxx:50237
Aug 3 19:07:44 ovpn-client2[8623]: Socket Buffers: R=[131072->131072] S=[16384->16384]
Aug 3 19:07:44 ovpn-client2[8623]: Attempting to establish TCP connection with [AF_INET]xx.xx.xxx.xxx:50237
Aug 3 19:07:45 ovpn-client2[8623]: TCP connection established with [AF_INET]xx.xx.xxx.xxx:50237
Aug 3 19:07:45 ovpn-client2[8623]: TCPv4_CLIENT link local: (not bound)
Aug 3 19:07:45 ovpn-client2[8623]: TCPv4_CLIENT link remote: [AF_INET]xx.xx.xxx.xxx:50237
Aug 3 19:07:45 ovpn-client2[8623]: TLS: Initial packet from [AF_INET]xx.xx.xxx.xxx:50237, sid=a2e08b96 f868ac51
Aug 3 19:07:45 ovpn-client2[8623]: WARNING: this configuration may cache passwords in memory -- use the auth-nocache option to prevent this
Aug 3 19:07:45 ovpn-client2[8623]: VERIFY OK: depth=1, C=FR, O=Freebox SA, CN=Freebox OpenVPN server CA for
Aug 3 19:07:45 ovpn-client2[8623]: VERIFY KU OK
Aug 3 19:07:45 ovpn-client2[8623]: Validating certificate extended key usage
Aug 3 19:07:45 ovpn-client2[8623]: ++ Certificate has EKU (str) TLS Web Server Authentication, expects TLS Web Server Authentication
Aug 3 19:07:45 ovpn-client2[8623]: VERIFY EKU OK
Aug 3 19:07:45 ovpn-client2[8623]: VERIFY X509NAME OK: C=FR, O=Freebox SA, CN=Freebox OpenVPN server
Aug 3 19:07:45 ovpn-client2[8623]: VERIFY OK: depth=0, C=FR, O=Freebox SA, CN=Freebox OpenVPN server
Aug 3 19:07:46 ovpn-client2[8623]: Control Channel: TLSv1.3, cipher TLSv1.3 TLS_AES_256_GCM_SHA384, peer certificate: 2048 bit RSA, signature: RSA-SHA256
Aug 3 19:07:46 ovpn-client2[8623]: [Freebox OpenVPN server] Peer Connection Initiated with [AF_INET]xx.xx.xxx.xxx:50237
Aug 3 19:07:46 ovpn-client2[8623]: TLS: move_session: dest=TM_ACTIVE src=TM_INITIAL reinit_src=1
Aug 3 19:07:46 ovpn-client2[8623]: TLS: tls_multi_process: initial untrusted session promoted to trusted
Aug 3 19:07:47 ovpn-client2[8623]: SENT CONTROL [Freebox OpenVPN server]: 'PUSH_REQUEST' (status=1)
Aug 3 19:07:47 ovpn-client2[8623]: PUSH: Received control message: 'PUSH_REPLY,ping 30,ping-restart 120,dhcp-option DNS 212.27.38.253,route 192.168.27.64 255.255.255.224,route 192.168.0.0 255.255.255.0,dhcp-option DNS fd0f:ee:b0::1,ifconfig-ipv6 2a01:e0a:170:3478::10/124 fd0f:ee:b0::1,ifconfig 192.168.27.65 212.27.38.253,peer-id 0,cipher AES-256-GCM'
Aug 3 19:07:47 ovpn-client2[8623]: OPTIONS IMPORT: --ifconfig/up options modified
Aug 3 19:07:47 ovpn-client2[8623]: OPTIONS IMPORT: route options modified
Aug 3 19:07:47 ovpn-client2[8623]: OPTIONS IMPORT: --ip-win32 and/or --dhcp-option options modified
Aug 3 19:07:47 ovpn-client2[8623]: TUN/TAP device tun12 opened
Aug 3 19:07:47 ovpn-client2[8623]: TUN/TAP TX queue length set to 1000
Aug 3 19:07:47 ovpn-client2[8623]: /usr/sbin/ip link set dev tun12 up mtu 1500
Aug 3 19:07:47 ovpn-client2[8623]: /usr/sbin/ip link set dev tun12 up
Aug 3 19:07:47 ovpn-client2[8623]: /usr/sbin/ip addr add dev tun12 local 192.168.27.65 peer 212.27.38.253
Aug 3 19:07:47 ovpn-client2[8623]: Linux ip addr add failed: external program exited with error status: 2
Aug 3 19:07:47 ovpn-client2[8623]: Exiting due to fatal error
It was some time ago, can't remember. Not using it anymore. I think I never found a solution for this issue. I'll try again when I have time.
 
I found it yesterday. This needs to be added to the config:

pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
 
I had the same issue with a VPN provider called Xeovo, and adding just these 2 pull-filter lines didn't help. However what did help is this post. Here's the custom configuration I used:

Code:
resolv-retry infinite
tls-client
script-security 2
remote-cert-tls server
cipher AES-256-CBC
redirect-gateway def1 ipv6
ignore-unknown-option block-outside-dns
setenv opt block-outside-dns
remote-random
resolv-retry infinite
ping 15
ping-restart 0
ping-timer-rem
persist-key
persist-tun
reneg-sec 0
fast-io
disable-occ
mute-replay-warnings
auth-nocache
sndbuf 524288
rcvbuf 524288
push "sndbuf 524288"
push "rcvbuf 524288"
pull-filter ignore "auth-token"
pull-filter ignore "ifconfig-ipv6"
pull-filter ignore "route-ipv6"
explicit-exit-notify 3
tun-mtu 1500
tun-mtu-extra 32
mssfix 1450

It is highly likely I don't need all of them, but it does work.

It is important to note that Xeovo needs a CA key to be added to the "Keys and Certificates" modal.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top